Cirene said:
I am creating an ASP.NET 2.0 website. Rather than using all the membership
functions I wanted to just create my own SQL Server db and use SESSION vars
to track if the user is logged in etc...
If you have a custom database schema you wish to use, you can still use
Membership. Just create your own custom provider.
Is doing it in this way just as secure?
The Session stuff is encrypted, so it should be secure enough. The
Membership bits still send encrypted information to the client, so it is
probably pretty equivalent.
I know that the "membership" stuff will save me some coding, but I was
just thinking....
A lot of coding. A lot of missed bugs. Etc.
Before rewriting the entire authentication system, I would look at creating
your own custom provider.
http://www.devx.com/asp/Article/29256
http://www.15seconds.com/issue/050216.htm
Google "Custom Membership Provider" and you should find a lot of additional
articles.
--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA
Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss
or just read it:
http://gregorybeamer.spaces.live.com/
*************************************************
| Think outside the box!
|
*************************************************